I have a query on how the 6500s running in VSS mode would route the traffic over an OSPF environment where it has learnt about two equal cost paths, but one via the 2nd chassis. Proposed setup - 2 6509s running in VSS. Switch-1 in VSS has a layer 3 connection (via a LES circuit) to one of a pair of Nexus 7Ks at another office. Switch-2 in the VSS has another layer 3 connection (via LES by another provider) to the other N7K at the other office. The L3 connections would use /30 ranges and allow each Nexus to form an OSPF neighbour relationship with the VSS. We want to keep both offices' environments separate so although we do have L2 circuits we're using these to provide L3 connectivity between sites & exchange routing info via them using OSPF. Each Nexus will advertise all the directly connected networks it knows about to the 6509s running in VSS. Thus I couldn't figure out if for example we have users/servers behind our VSS 6509s, these would need to go via their default gateway to get to a network located off the LAN, the default gw IP in VSS setup exists on the control plane on switch-1 (in normal operation). Then to get to a network that is located off the Nexuses at the other site it would have 2 equal cost paths to it, however one of these paths would be via the VSL link and off the switch-2 chassis. I wasn't therefore sure if we'd actually ever see any transmit traffic via the 2nd L3 connection because I have a funny feeling that I've read the VSS always chooses the local chassis egress rather than going via the VSL to use another port... Would anyone know the answer to whether we'd get roughly equal distribution of traffic across the 2 circuits between sites?
All of the above is theoretical at the moment, as currently both circuits are connected to a single Nexus/6509 chassis; however, for improved resilience I want to move one of the circuits to be physically attached to the other Nexus & 6509 chassis at each site, but I wasn't then sure how the traffic flows would be affected.

Hi Peter, Many thanks for the quick response. I was just digging out the BCMSN course books we have in the library and reading up on the STP security features, so was thinking of the BPDU Guard and Root Guard features but hadn't realised there was also the BPDU filter option - so thanks for that one! Yes, it will be a port-channel between our core 6509 switch and theirs via 4 gig ports - actually we want to try to send the traffic via our FWSM blade for this connection as well until we know more about what access the other company's users need to our network (just to complicate things!). Basically we want to route traffic between our networks via an interface on our FWSM but over the 4 gig trunk connection. E.g. they use 10.x.x.x/24 network ranges in their company and we use 192.168.x.x/24 networks in ours. So the plan is to create a /30 network, assign an IP to a new FWSM VLAN on our side and the other to an SVI on their core switch, then route the traffic. But anyway, keeping the RSTP separate was my first concern before we even start amending the routing! Once again many thanks Peter. Chris.

In order to provide a higher throughput link we want to connect our core switch to a company we are integrating with over a 4 gig trunk. However they run RSTP on their LAN and so do we. I think we will run into issues with this when the trunk comes up between our core switch and theirs. Has anyone got any advice on what issues may occur and if there is a way around keeping each company's current RSTP 'domain' separate until the companies are fully integrated onto one LAN? (This is meant to be an interim solution while their infrastructure and users are moved onto our kit; the current connection is via a routed firewall connection to their network, so hoping to replace this with a switch to switch 4 gig trunk as we're now physically in the same building with the company merger that has happened.) Regards, Chris